Jersey Community Foundation (referred to as “JCF”, “we” or “us”) for the purpose of this notice, are the data controllers and we are pleased to provide you with the following Privacy Notice.
Looking after the personal data you share with us is a hugely important part of this. We want you to be confident that your data is safe and secure with us and understand how we use it to offer you a better and more personalised experience.
Personal Data we Collect:
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We hold Personal data on those who may make a donation, those that apply for grants (on behalf of an organisation or personally), and referees for grants.
We may collect, receive, use, store and transfer different kinds of personal data about you, examples of which we have listed below:
- First, maiden, and last name, email, phone number, address, and other relevant contact details (for individuals and contact for an organization).
- Details of grants made, and donations made.
- Purpose and details about application for Grants and Donors.
- Financial data, family, education, and employment information (needed for assessment of grant).
- Communication with you – correspondence, meeting notes and attendance at events.
- Accounts submitted – managing accounts, bank account information, budgets, and business plans (for organisations requesting grants).
- Occupations, skills, professional activity and network(s) and connections in Jersey.
- Usage data includes information about how you use our website.
- Marketing and communications data including your preference in receiving marketing from us.
We may collect Special Category data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) only if it is volunteered by you, for example when you apply for a grant as an individual.
How and Why We Use Personal Data:
This section explains in detail how and why we use personal data. In order to collect and process personal data about you we need to have a lawful basis. The main Lawful basis we rely on includes Contract, where you have applied for and received a grant, Consent, where you have given permission and our Legitimate Interests, where processing is in our interest and we believe you would have a reasonable expectation for us to do this.
We collect and receive personal data from you through your interactions with us, including:
- You may give us your identity, contact and financial data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- Apply for a grant from us (data of individuals and organizations making the grant).
- When you apply to be a Donor.
- You are a prospective Donor.
- You are our Partner and one of our Network of Foundation supporters.
- You are one of our team members.
- Enter a competition, promotion or survey, and
- Contact us (whether by post, phone, email or otherwise) or provide us with feedback.
If you are using one of our social media pages, please remember that our page is provided via social media platform sites, such as Facebook, which has its own functionality, terms and privacy policies. Please ensure you have read these carefully and have checked your own personal settings to ensure you are happy with how your information will be used by the social media site. Our social media pages may make use of these functions, but we do not control them and are not responsible for them. We will not assume responsibility for data shared or the responsibilities of a data controller, that responsibility will remain with the social media provider.
We will monitor the social media site on occasion and, as soon as practically possible, any inappropriate entries will be removed.
Sharing personal data with third parties:
We may on occasions pass your Personal Information to third parties exclusively to process on our behalf. We require these parties to agree to process this information based on our instructions and requirements consistent with this Privacy Notice.
We do not pass on information gained from your engagement with us without a clear legal basis for doing so. However, we may disclose your Personal Information to meet legal obligations, regulations, or valid governmental request. (e.g.details of donations must be shared with the Jersey Charity commission)
How do we protect personal data?
We know how important it is to protect and manage your personal data. This section sets out some of the measures we have in place.
- We apply physical, electronic, and procedural safeguards in connection with the collection, storage and disclosure of personal data.
- We protect the security of your information while it is being transmitted by encrypting it.
- We use computer safeguards such as firewalls and data encryption to keep this data safe.
- We only authorise access to our team and trusted partners who need it to carry out their responsibilities.
- We regularly monitor our systems for possible vulnerabilities and attacks.
- We will ask for proof of identity before we share your personal data with you; and
- Paper copies of data are kept to a minimum, when required they are kept in locked storage cabinets and shredded when required.
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by companies operating outside the EEA who work for us or for one of our service providers. If we do this, we ensure that your privacy rights are respected in line with this Policy.
How long do we keep your personal data?
We will not keep your personal data longer than we need to, how long this is, depends on several factors, including:
- Why we collected it in the first place.
- Whether there is a legal/regulatory reason for us to keep it; or
- Whether we need it to protect you or us.
You can at any time ask us to provide you with the retention schedule relating to your own personal data. We will provide this information in accordance with our policy and procedure for Data Subject Access Requests.
Your rights as a data subject
At any point whilst we are in possession of, or processing your data, you have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete. If you believe we hold inaccurate or missing information, please let us know and we will correct it.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records. There are several situations when you can have us delete your personal data, this includes (but is not limited to):
- When we no longer need to keep your personal data.
- You have successfully made a general objection.
- You have withdrawn your consent to us using your personal data (and we do not have any other grounds to use it).
- Right to restriction of processing – where certain conditions apply you have a right to restrict the processing. There are several situations when you can restrict our use of your personal data, this includes (but is not limited to):
- you have successfully made a general objection.
- you are challenging the accuracy of the personal data we hold.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing. If on balance, your rights outweigh our interests in using your personal data, then we will at your request either restrict our use of it or delete it.
- Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.
Subject Access Requests
You have the right to see the personal data we hold about you. This is called a Data Subject Access Request (DSAR).
If you would like a copy of the personal data, we hold about you can use the on-line Data Subject Access Request Form on our websites or write to:
Data Protection Lead
Jersey Community Foundation
12 Dumaresq Street
You can also email us at email@example.com
What identification will be required?
We will accept the following forms of ID when information on your personal data is requested: a copy of your national ID card, driving license or passport. A minimum of one piece of photographic ID listed above and a supporting document is required such as a utility bill not older than three months. If we are dissatisfied with the quality of ID provided, further information may be sought before personal data can be released.
We will respond to your request within a four-week period once your identification has been verified.
In the event that we refuse your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.
We’d like the chance to resolve any complaints you have; however, you also have the right to complain to the Jersey Office of the Information Commissioner about how we have used your personal data.
The details for each of these contacts are:
Jersey Community Foundation, attention of the CEO
12 Dumaresq Street, St Helier, Jersey, JE2 3RL
Jersey Office of the Information Commissioner -
2nd Floor, 5 Castle St, St Helier, Jersey JE2 3BT
Telephone +44 (0) 1534 716530 or Email: firstname.lastname@example.org